There seems to be some confusion of screenshots vs webcam hacking
Screenshot = Snapshot of what's open on your desktop
Screenshot = Snapshot of what's open on your desktop
That's why I have a piece of yellow Post-it Note over my webcam until Apple devices get physical shutter.
RIP Spencer Silver and thank you for your contribution.
https://www.invent.org/inductees/spencer-silver
If they tell everyone 'there is an exploit'... then the bad people will know there is an exploit and go looking for it. Better they keep it quiet until its been fixed like they did here.If Apple really champions security and anonymity on the web, then these are things that users need to know in advance. No one wants to hear about it from a third-party. Apple has earned my trust and I get closing these flaws quietly but, in the interim, such aggressiveness can be communicated to users with a warning (maybe a color-coded scale per app) and a timeline of when a fix should be expected.
I'm a bit surprised that you can (or previously could)That is one nasty zero day exploit. Glad that Apple patched it and even more glad Jamf alerted Apple.
Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.
Description: A permissions issue was addressed with improved validation.
Yup.If they tell everyone 'there is an exploit'... then the bad people will know there is an exploit and go looking for it. Better they keep it quiet until its been fixed like they did here.
I would hope Mark knows that taping his webcam doesn't prevent screenshots.
They did fix a different issue in TCC on Catalina, so I'm guessing Catalina isn't affected by this particular bug.So…What about us folks still rockin Catalina? Is there always going to be the possibility of being exposed?
I could feel my mac mini becoming ever so slightly less snappier with each iterations of these small 4GB incremental updates.
Well I guess it makes sense since they are adding more and more new features to an OS which will only eventually make the old hardware slower. But I can figure out the difference in response time of apps between various updates (in fresh installs).The updates don't really add much heft. They're that large because they replace some huge binary blobs each time (which I think is a problematic technical decision) — but the net usage of your disk should be virtually the same.
Sigh...that's very true.
Though TBH Apple don't really help that. How often do you get a pop up saying "Random process" wants "random permission" with no explanation of what the permission or process is, no way to verify checksums of the binary etc.
Apps should be forced to give some explanation of why they want permissions.
You can check the list of binaries in Security.There should be some simple means to veriy the thing that caused the pop up to appear is a signed binary and which one.
And you expect users to read that? A lot of them click on "OK" or "Accept" before the pop-up animation finished.Apps should be forced to give some explanation of why they want permissions. Especially why, if its part of OSX, it doesn't just comepwith permission.
Taking screen shots and using the camera are two different things, you know?That's why I have a piece of yellow Post-it Note over my webcam until Apple devices get physical shutter.
RIP Spencer Silver and thank you for your contribution.
https://www.invent.org/inductees/spencer-silver
Incremental update does not mean that all of those 4GB are in addition to what you already have. There is a lot of stuff being replaced by the update. In this case most likely a good deal of the kernel and system library files.I could feel my mac mini becoming ever so slightly less snappier with each iterations of these small 4GB incremental updates.
No metadata, alas. Could be OmniGraffle, Visio, or virtually anything.What drawing software is this?
Taking screen shots and using the camera are two different things, you know?
Once installed on a victim's system, the malware was used specifically for taking screenshots of the user's desktop with no additional permissions required. Jamf said that it could be used to bypass other permissions as well, as long as the donor application the malware piggybacked off of had that permission enabled.
In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent
This is my question. I cannot have all systems running on BigSur. It is such a BIG flaw that it should be.I assume this will be backported?
Thank you for pointing this out.
Not entirely clear to me why it only affects macOS 11, though.
If the victim computer is running macOS 11 or greater, it will then sign the avatarde application with an ad-hoc signature, or one that is signed by the computer itself.
Though TBH Apple don't really help that. How often do you get a pop up saying "Random process" wants "random permission" with no explanation of what the permission or process is, no way to verify checksums of the binary etc. After a bit of Googling you find the process is a part of OSX and lots of people have had the pop up.
It shouldn't be this way. If the thing is part of OSX you should be asked at install time, or at some time of your choosing, rather than having a dialog pop up over whatever work you were doing and constantly reappearing if you don't say yes.
Apps should be forced to give some explanation of why they want permissions. Especially why, if its part of OSX, it doesn't just comepwith permission.
Apple should have a detailed description of what each permission is about and it should be linked from the dialog.
There should be some simple means to veriy the thing that caused the pop up to appear is a signed binary and which one.